…do not try this at home…well do not try this anywhere :-)

Today I lost half a day on a staging environment dealing with a nasty and horrible error, while trying to host the Azure login pages locally instead of on the Azure ACS portal.

It was not working, even though it should be trivial to set up. After a couple of hours digging through a Fiddler trace, I realized that the whole problem was in the WIF configuration of the web application:

<system.identityModel>
  <identityConfiguration>
    <audienceUris>
      <add value="https://localhost/MyWebApp/" />
    </audienceUris>
    <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
      <trustedIssuers>
        <add thumbprint="---" name="---" />
      </trustedIssuers>
    </issuerNameRegistry>
    <certificateValidation certificateValidationMode="None" />
  </identityConfiguration>
</system.identityModel>
<system.identityModel.services>
  <federationConfiguration>
    <cookieHandler requireSsl="false" path="/MyWebApp" />
    <wsFederation passiveRedirectEnabled="true" issuer="http://----/wsFederationSTS/Issue" realm="https://localhost/MyWebApp/" requireHttps="false" />
  </federationConfiguration>
</system.identityModel.services>

Removing the “path” attribute from the “cookieHandler” element solved the problem immediately.
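The post does not say why the "path" attribute broke sign-in, but the mechanism it controls is easy to demonstrate. That attribute becomes the Path of the WIF session cookie, and a browser returns a cookie only on requests whose path "path-matches" it (RFC 6265, section 5.1.4, byte-wise and case-sensitive); a request outside that scope arrives without a session and is sent back to the STS. The following is an added example, not code from the post or from WIF: it parses a web.config fragment modelled on the one above (the STS host and the thumbprint are placeholders), applies the RFC path-match rule to a few request paths with and without the "path" attribute, and also lists the transport settings that are only acceptable on a local staging box. The default cookie path used when the attribute is absent is modelled as the realm's path; that is an assumption, not something the post states.

```python
"""Cookie Path scoping behind the WIF cookieHandler `path` attribute.

Added example, not code from the original post. Models how a browser
decides whether to send the WIF session cookie back to the application.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed web.config fragment modelled on the post's configuration.
# The STS host and the missing thumbprint are placeholders, not real values.
WEB_CONFIG = """<configuration>
  <system.identityModel>
    <identityConfiguration>
      <audienceUris>
        <add value="https://localhost/MyWebApp/" />
      </audienceUris>
      <certificateValidation certificateValidationMode="None" />
    </identityConfiguration>
  </system.identityModel>
  <system.identityModel.services>
    <federationConfiguration>
      <cookieHandler requireSsl="false" path="/MyWebApp" />
      <wsFederation passiveRedirectEnabled="true"
                    issuer="http://sts.example.invalid/wsFederationSTS/Issue"
                    realm="https://localhost/MyWebApp/" requireHttps="false" />
    </federationConfiguration>
  </system.identityModel.services>
</configuration>"""


def path_matches(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match; byte-wise and case-sensitive like a browser."""
    if cookie_path == request_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    if cookie_path.endswith("/"):
        return True
    # cookie-path is a prefix; the next character of request-path must be "/"
    return request_path[len(cookie_path)] == "/"


def session_cookie_path(config_xml: str) -> str:
    """Path attribute the session cookie will carry.

    Assumption (not stated in the post): with no `path` attribute we model the
    default as the application path taken from the wsFederation realm.
    """
    root = ET.fromstring(config_xml)
    handler = root.find(".//cookieHandler")
    if handler is not None and handler.get("path"):
        return handler.get("path")
    realm = root.find(".//wsFederation").get("realm")
    return urlparse(realm).path or "/"


def requests_with_session(config_xml: str, request_paths) -> dict:
    """Map each request path to whether the browser would send the session cookie."""
    cookie_path = session_cookie_path(config_xml)
    return {p: path_matches(cookie_path, p) for p in request_paths}


def without_path_attribute(config_xml: str) -> str:
    """Return the config with the cookieHandler `path` attribute removed, the post's fix."""
    root = ET.fromstring(config_xml)
    handler = root.find(".//cookieHandler")
    if handler is not None and "path" in handler.attrib:
        del handler.attrib["path"]
    return ET.tostring(root, encoding="unicode")


def transport_findings(config_xml: str) -> list:
    """Flag settings from the post's config that only belong on a local staging box."""
    root = ET.fromstring(config_xml)
    findings = []
    handler = root.find(".//cookieHandler")
    if handler is not None and handler.get("requireSsl", "true").lower() == "false":
        findings.append("cookieHandler requireSsl=false: session cookie may travel over plain HTTP")
    fed = root.find(".//wsFederation")
    if fed is not None and fed.get("requireHttps", "true").lower() == "false":
        findings.append("wsFederation requireHttps=false: sign-in messages accepted over plain HTTP")
    cert = root.find(".//certificateValidation")
    if cert is not None and cert.get("certificateValidationMode") == "None":
        findings.append("certificateValidationMode=None: issuer certificate chain is not validated")
    return findings


if __name__ == "__main__":
    paths = ["/MyWebApp/", "/MyWebApp/Default.aspx", "/mywebapp/Default.aspx", "/MyWebApp2/x", "/"]
    print("path=/MyWebApp :", requests_with_session(WEB_CONFIG, paths))
    print("path removed   :", requests_with_session(without_path_attribute(WEB_CONFIG), paths))
    for finding in transport_findings(WEB_CONFIG):
        print("finding:", finding)
```

Running it shows that a cookie scoped to "/MyWebApp" is returned for "/MyWebApp/" and anything below it, but not for "/mywebapp/..." (case differs) or "/MyWebApp2/...", and that dropping the attribute moves the scope to the realm path; whichever virtual directory the local copy actually lives under, the cookie path has to match it exactly or every request looks unauthenticated.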

Developer advised… :-)

.m